Nmap Development mailing list archives
NSE: Packet retransmit breaking rdp-ntlm-info #1682
From: Tom Sellers <nmap () fadedcode net>
Date: Sat, 10 Aug 2019 15:24:29 -0500
All, I'm tossing a copy of GitHub issue #1682 ( https://github.com/nmap/nmap/issues/1682 ) here so that more people may see it. Copied from the issue:

I've seen some reports, which I was able to reproduce, that rdp-ntlm-info didn't work against Windows 7. While testing I noticed that some of the packets were being sent twice, which was breaking the protocol negotiation. This seems to happen when scanning with -sS but not -sT.

This appears to be an issue with Nmap or NSE and how raw packets are handled. You can observe the retransmission using Wireshark / tcpdump.

Reproduce error

    sudo nmap -sS --script rdp-ntlm-info -p 3389 -n target_ip

Workaround

    sudo nmap -sT --script rdp-ntlm-info -p 3389 -n target_ip

When running with --packet-trace I only see Nmap send the packet once (in the output) in either case. If you view the traffic with Wireshark you can see that it is re-transmitted. In the image linked below, packet 15 is the original and packet 16 is the retransmission:
https://user-images.githubusercontent.com/6500426/62826433-14768e00-bb81-11e9-8f05-24b17fe265dc.png

I was able to create a simple reproducer which removes the protocol from the equation.

Command

    sudo nmap -sS --script +test -p 3389 target_ip

Script named 'test.nse'

    local nmap = require "nmap"
    local stdnse = require "stdnse"
    local shortport = require "shortport"

    categories = {"safe"}

    portrule = shortport.port_or_service("3389", "ms-wbt-server")

    action = function( host, port )
      -- Plain TCP connect; no protocol handshake, just one send and one receive.
      local socket = nmap.new_socket()
      socket:set_timeout(5000)

      if ( not(socket:connect(host, port)) ) then
        return false, "Failed connecting to server"
      end

      -- Arbitrary payload; the point is to watch whether this segment leaves twice.
      local status, err = socket:send("If a packet hits a pocket on a socket on a port..")
      if ( not(status) ) then
        return false, err
      end

      stdnse.debug1("Sent, now waiting...")
      local _, data = socket:receive()
      stdnse.debug1("Closing")
      socket:close()

      return data
    end

Environment

    $ nmap --version
    Nmap version 7.70SVN ( https://nmap.org )
    Platform: x86_64-unknown-linux-gnu
    Compiled with: nmap-liblua-5.3.5 openssl-1.1.1 libssh2-1.8.0 libz-1.2.11 nmap-libpcre-7.6 libpcap-1.8.1 nmap-libdnet-1.12 ipv6
    Compiled without:
    Available nsock engines: epoll poll select

    Linux sammich 5.0.0-23-generic #24~18.04.1-Ubuntu SMP Mon Jul 29 16:12:28 UTC 2019 x86_64 x86_6

- Tom

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
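An added example, not part of Tom's post or of Nmap: a small Python checker that parses a classic pcap and flags TCP segments that reappear on the same flow with the same sequence number and payload, the duplicate that Wireshark shows as packets 15 and 16 above. The capture bytes are constructed inline to stand in for a real file; for a real trace, pass open(path, "rb").read() to find_retransmits().

```python
import struct
from collections import Counter
def _frame(payload: bytes, seq: int) -> bytes:
    """Build one Ethernet/IPv4/TCP frame (constructed test data, checksums left zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"                       # dst/src MAC, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", 40000, 3389, seq, 1,    # sport, dport, seq, ack
                      5 << 4, 0x18, 65535, 0, 0)            # offset=5 words, PSH|ACK
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 1, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return eth + ip + tcp + payload

def _pcap(frames) -> bytes:
    """Wrap frames in a classic little-endian pcap (magic 0xA1B2C3D4, linktype Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

# Constructed capture: the probe segment appears twice (same flow, same seq, same
# payload), then a different segment. This mirrors packets 15/16 in the report.
PAYLOAD = b"If a packet hits a pocket on a socket on a port.."
SAMPLE_PCAP = _pcap([_frame(PAYLOAD, 1000), _frame(PAYLOAD, 1000), _frame(b"x", 1049)])

def tcp_segments(pcap: bytes):
    """Yield (src, sport, dst, dport, seq, payload) for every IPv4/TCP frame in a pcap."""
    magic, = struct.unpack("<I", pcap[:4])
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    off = 24                                                # skip the global header
    while off + 16 <= len(pcap):
        _, _, caplen, _ = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if frame[12:14] != b"\x08\x00":                     # not IPv4
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6:                                      # not TCP
            continue
        total_len = struct.unpack("!H", ip[2:4])[0]
        tcp = ip[ihl:total_len]
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        doff = (tcp[12] >> 4) * 4
        yield (ip[12:16], sport, ip[16:20], dport, seq, tcp[doff:])

def find_retransmits(pcap: bytes) -> dict:
    """Map each data-bearing segment seen more than once to its occurrence count."""
    counts = Counter(seg for seg in tcp_segments(pcap) if seg[5])
    return {seg: n for seg, n in counts.items() if n > 1}
```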
Current thread:
- NSE: Packet retransmit breaking rdp-ntlm-info #1682 Tom Sellers (Aug 10)
- Re: NSE: Packet retransmit breaking rdp-ntlm-info #1682 (Not just rdp-ntml-info but all NSE scripts) Paulino Calderon (Aug 11)